public void CreateToken_WhenPublicSigningSucceeds_ExpectPublicToken()
{
const string expectedToken = "public";
var tokenDescriptor = new PasetoSecurityTokenDescriptor(TestVersion, PasetoConstants.Purposes.Public);
mockVersionStrategy.Setup(x => x.Sign(It.IsAny <string>(), It.IsAny <string>(), It.IsAny <SigningCredentials>()))
.Returns(expectedToken);
var token = sut.CreateToken(tokenDescriptor);
token.Should().Be(expectedToken);
}
public void CreateToken_WhenLocalEncryptionSucceeds_ExpectLocalToken()
{
const string expectedToken = "local";
var tokenDescriptor = new PasetoSecurityTokenDescriptor(TestVersion, PasetoConstants.Purposes.Local);
mockVersionStrategy.Setup(x => x.Encrypt(It.IsAny <string>(), It.IsAny <string>(), It.IsAny <EncryptingCredentials>()))
.Returns(expectedToken);
var token = sut.CreateToken(tokenDescriptor);
token.Should().Be(expectedToken);
}
public void CreateToken_WhenPublicSigningThrowsException_ExpectSameException()
{
var expectedException = new ApplicationException("public");
var tokenDescriptor = new PasetoSecurityTokenDescriptor(TestVersion, PasetoConstants.Purposes.Public);
mockVersionStrategy.Setup(x => x.Sign(It.IsAny <string>(), It.IsAny <string>(), It.IsAny <SigningCredentials>()))
.Throws(expectedException);
var exception = Assert.Throws(expectedException.GetType(), () => sut.CreateToken(tokenDescriptor));
exception.Should().Be(expectedException);
}
public IActionResult Paseto(string version)
{
var handler = new PasetoTokenHandler();
SigningCredentials signingCredentials;
if (version == PasetoConstants.Versions.V1)
{
signingCredentials = new SigningCredentials(options.PasetoV1PrivateKey, SecurityAlgorithms.RsaSsaPssSha384);
}
else if (version == PasetoConstants.Versions.V2)
{
signingCredentials = new SigningCredentials(options.PasetoV2PrivateKey, ExtendedSecurityAlgorithms.EdDsa);
}
else
{
throw new NotSupportedException("Unsupported version");
}
var descriptor = new PasetoSecurityTokenDescriptor(version, PasetoConstants.Purposes.Public)
{
Issuer = "me",
Audience = "you",
SigningCredentials = signingCredentials
};
var token = handler.CreateToken(descriptor);
var payload = descriptor.ToJwtPayload(JwtDateTimeFormat.Iso);
return(View("Index", new TokenModel
{
Type = "PASETO",
Token = token,
Payload = payload
}));
}
public void CreateToken_WhenTokenVersionIsNotSupported_ExpectSecurityTokenException()
{
var tokenDescriptor = new PasetoSecurityTokenDescriptor("v42", PasetoConstants.Purposes.Public);
Assert.Throws <SecurityTokenException>(() => sut.CreateToken(tokenDescriptor));
}
public void CreateToken_WhenTokenPurposeNotSupported_ExpectSecurityTokenException()
{
var tokenDescriptor = new PasetoSecurityTokenDescriptor(TestVersion, "external");
Assert.Throws <SecurityTokenException>(() => sut.CreateToken(tokenDescriptor));
}
